mokaiba Posted December 6, 2015 Share Posted December 6, 2015 (edited) In response to post #31561115. #31561180, #31561660, #31562180, #31562605, #31562795, #31563395 are all replies on the same post. Reveal hidden contents Quote mokaiba wrote: im not worried about anyone getting into my email since I dont even know my email password. I have it written down because its just a bunch of randomness. eg, SJDHF&yhfsdhgf&*^#&*$TGFg375r2hdehfbghus <- like that lol Quote katleigh93 wrote: Hehehehe, thats the best kind to have mokaiba :D Quote mokaiba wrote: I do this for all websites that i care about keeping others out. This was not one of them and had a really simple password because I didnt care if anyone gained access as they wouldnt gain anything from it. I think they gained access to my account but didnt change anything and only wrote down the email. I have noticed an increase of spam mail to my email address this past week. Just in case they try to change my password here, I went and changed it from my 'lower case eight-letter' password to an alphanumeric :)btw, I dont use my real name or personal information anywhere as well. even facebook has a fake name for me. Quote ultim8f8 wrote: Difficulty to remember: maximumBits of entropy: maximumBut there are better ways: xkcd: Password Strength Quote mokaiba wrote: I use entire sentences when it comes to work and financial-related passwords. I treat those as on an entirely different level than everything else. eg, ILikePinkButterFliesthatswimintheOcean1! good luck guessing that and cracking it lol Quote katleigh93 wrote: Lol, now that security, hehehehe Quote SingABrightSong wrote: As strong as XKCD's password is in regards to bits of entropy, it is rather vulnerable to dictionary attacks, where instead of "CorrectHorseBatteryStaple" being 25 characters, it is just four common strings that are concatenated. That said "gibberish" strings can be made more easily remembered. An example given was "4S&7Ya,oFb4thutCanN,ciL,&dttPtaMac=.", which is interpreted by the human reader as an abbreviaton of the opening of the Gettysburg Addressthats why you add numbers and symbols (to delay dictionary attacks). brute force is going to check letter by letter first then word by word, however, once you pass 20 characters, it becomes time consuming for the process to complete. it doesnt matter if they are all known words. the fact is, it will take years to brute force a 25 character password (government could do it in less time though). one would assume, that before that occurs, that you have changed the password. Most websites will lock your account after so many failed attempts as well.use my example above (pink butter flies):2 quattuorvigintillion possible combinations.It would take a desktop PC about 22 octodecillion years to crack.or, take a super computer capable of 50,000,000,000,000,000 keys per second.1.7767289882885646e+40 years 166 days 23 hours 51 minutes and 36 seconds(2.803405260273855e+49 password combinations)just shows you that using real words is irrelevant after 20 characters. regardless of passwords used or the methods for them. the easiest solution for this website is to change to ssl (https) for all connections. 80% of the issues related to passwords and security will be eliminated when that change occurs. Bascially, it would come down to a potential hacker doing this.1. its ssl2. passwords are hashed and salted.3. not really worth my time.4. moves on to another website. Edited December 6, 2015 by mokaiba Link to comment Share on other sites More sharing options...
mobzk Posted December 6, 2015 Share Posted December 6, 2015 Whats Going On? Link to comment Share on other sites More sharing options...
MetalCaveman Posted December 6, 2015 Share Posted December 6, 2015 Thanks for the heads up, I've gone through all of my recently installed mods and didn't find anything strange (I've only installed mods for NV). Also went and changed some passwords (I never re-use them, but better safe than sorry). Link to comment Share on other sites More sharing options...
TechSnarf Posted December 6, 2015 Share Posted December 6, 2015 As an SA myself I feel your pain. It's great you're willing to get out in front of this. GeohoundJason does a great job of saying how most of us feel about the situation. People forget security is a burden we all must share, and you do a great job explaining things in terms most can understand without talking down to anyone. Hang in there! Link to comment Share on other sites More sharing options...
xraybravoxray Posted December 6, 2015 Share Posted December 6, 2015 Windows defender has caught 3 Trojans since Thanksgiving, all from Nexus. Could it be all the adds? They all seem to target my browser. Virus scans after download have not caught anything. Only catching when looking a the site. Link to comment Share on other sites More sharing options...
thehappiestEmo Posted December 6, 2015 Share Posted December 6, 2015 Just the fact that you are being straightforward with us is enough for me. Even the best security in the world isn't impervious, but informing your users before things actually get ugly is the right thing to do. Kudos. Link to comment Share on other sites More sharing options...
khmp Posted December 6, 2015 Share Posted December 6, 2015 Thanks for keeping us in the loop. And I wish you and your team much luck in figuring out the extent and fix quickly if indeed a breech has occurred. Link to comment Share on other sites More sharing options...
leevon13 Posted December 6, 2015 Share Posted December 6, 2015 yo, thanks for the heads up. Would it be possible to get the names of the mod files that were affected? Link to comment Share on other sites More sharing options...
esfewsf Posted December 6, 2015 Share Posted December 6, 2015 In response to post #31566170. #31566375, #31567315 are all replies on the same post. Reveal hidden contents Quote algustin wrote: help im trying to change my password but it keeps telling me that my current password is wrong even tho im sure it's right Quote urielz wrote: try resetting you password Quote algustin wrote: and how do i exactly do that? please?log out and when you try to log in again look for a "forgot password" button. Maybe you have to enter a wrong password to get to the screen where you can find the "forgot password" button. Link to comment Share on other sites More sharing options...
Gwenneby Posted December 6, 2015 Share Posted December 6, 2015 In response to post #31566170. #31566375, #31567315, #31569360 are all replies on the same post. Reveal hidden contents Quote algustin wrote: help im trying to change my password but it keeps telling me that my current password is wrong even tho im sure it's right Quote urielz wrote: try resetting you password Quote algustin wrote: and how do i exactly do that? please? Quote esfewsf wrote: log out and when you try to log in again look for a "forgot password" button. Maybe you have to enter a wrong password to get to the screen where you can find the "forgot password" button.yeah i did that like a second ago thanks anyway Link to comment Share on other sites More sharing options...
Recommended Posts